Ten Years After Columbia

The moment of truth for Wayne Hale:

Much later, while the debris recovery effort was going on in East Texas, the trajectory analysts put together an estimated plot of where the Columbia pieces would have come down for a 1 rev late deorbit. The toe of the ellipse – where the heaviest pieces would come down – cut across the southwestern suburbs of Houston. My home – my wife – would have been in the target zone where the 2 ton steel main engine combustion chambers would have hit the ground at supersonic speeds. JSC would have been at ground zero for the debris; the MCC would likely have been struck. That is a scenario that is just too implausible for words.

Knowing what we now know, it might have seemed, in some sense, ironic, poetic justice.

28 thoughts on “Ten Years After Columbia”

  1. My wife was at, using Wayne’s description, the heel of the debris zone, which actually was the lighter pieces. However, my parent’s home (thought they were not there that day) was much closer to the toe.

    It’s interesting that Wayne thought the crew compartment might have survived with possible bail out. To this day, I always wonder if Rick Husband had not cut out the automated RCC control out, if they might have made it to a point of bailout (and had they known they needed to bailout). I’m doubtful bailout would have been survivable, but neither was what happened.

  2. In terms of getting one’s just deserts, the real-life tale of the R101 crash is perhaps the highest form of irony, recounted in Neville Shute Norway’s very interesting autobiography, “Slide Rule.”

    The competition between the privately developed (Vickers) R100 and the UK Royal Air Ministry R101 was intense, and many decisions taken regarding the latter airship were flawed, much in the way Shuttle decisions were, beginning in the early 1970s. But in the case of the R101, the crash occurred while the then Air Minister, Lord Thompson, was on his way aboard the airship to take up his new posting as Viceroy of India. That’s irony.

    This observation has led some to say that it was too bad the Challenger only had seven seats, filled with the wrong people.

    The summary from Wikipedia: http://en.wikipedia.org/wiki/R101

    “R101 was the result of a British government initiative to develop airships to provide passenger and mail transport from Britain to the most distant parts of the British Empire, including India, Australia and Canada. These distances were too great for heavier-than-air aircraft of the period. The Burney Scheme of 1922 had proposed a civil airship development programme to be carried out by a specially established subsidiary of Vickers with the support of the British government, but when the General Election of 1923 brought Ramsay MacDonald’s Labour administration to power the new Air Minister, Lord Thomson, formulated the Imperial Airship Scheme in its place. This called for the building of two experimental airships: one, R101, to be designed and constructed under direction of the Air Ministry, and the other, R100, to be built by Vickers’s Airship Guarantee Company under a fixed price contract. This led to the nicknames the “Socialist Airship” and the “Capitalist Airship”.”

  3. Leland,

    I hadn’t read anything about the commander doing anything to the autopilot, aside from momentarily touching the control stick (which may have been an accidental bump.) Do you have a source for that info?

    Based on everything I’ve read, I suspect that the commander and pilot had a pretty good idea of how much trouble they were in. The elevator trim settings indicated increased drag on the left wing, which is the first sign of TPS damage or an off-nominal entry. (At least that’s what I gathered from Hoot Gibson’s recollection of STS-27, when the crew thought they’d burn up.) Even if the elevon trim didn’t tip them off, the increasing thruster firings would have definitely been a giveaway that entry wasn’t going according to plan. Eventually the crew would have got an alarm when the hydraulic pressure dropped due to burn through, at which point the pilot reset the APU (confirmed by the switch settings on the recovered control panel.)

    1. It’s in the CAIB. Autopilot isn’t quite the right word, but I wasn’t trying to be very technical.

      During entry, the RCS system is in auto mode to maintain attitude. Because of the damage, there was increased drag on the port wing. The RCS automatically compensated for this. Two things started to become apparent, the roll/yaw rate was saturating the RCS systems capability and they were running out of propellant. If I recall correctly (unfortunately, don’t have time this minute to hunt for a copy), a report of the situation is called up to Husband by CAPCOM, Husband acknowledges and says he was going to go to manual control of RCS. LOS occurs a moment after that acknowledgement.

      I’ll try and get more for you later. I do agree entirely with your second paragraph.

      1. Mark,

        I’m sorry. I’ve looked and can’t find it. NASA has taken down the CAIB site, but they still have this. I can’t find anything to substantiate my comments, though I recall the information provided very clearly, and I’ve had the concern mentioned in the first comment for some time. It may be from discussions I had with people who worked the mission, thus I cannot provide reference.

        That said, if RCS could have held the building moment, I just think there was a chance to get past heating, which would then provide some chance of bailout. I don’t think the vehicle would have ever made the Atlantic (where a more nominal bailout could occur), but maybe the Gulf of Mexico. The chance of success would have been very low.

        At the point of breakup, there was too much heating, too high velocity, and too high altitude. As I reread the CAIB, it tends to focus on the landing gear possibly protruding as the last act that the RCS could no longer recover.

      2. If I recall correctly (unfortunately, don’t have time this minute to hunt for a copy), a report of the situation is called up to Husband by CAPCOM, Husband acknowledges and says he was going to go to manual control of RCS. LOS occurs a moment after that acknowledgement.

        That recollection is unsupported by the transcript at SpaceflightNow (which appears to be more complete than the one in the CAIB report).

        It is also unsupported by the Columbia Crew Survival Report I linked in my other post. The autopilot downmode occurred over 25 seconds after loss-of-control, was most likely caused by an accidental hand-controller bump, and the crew returned the autopilot to AUTO mode shortly after (see p 1-19 and 1-20).

        1. Nemo,

          That recollection is unsupported Indeed, I already stated my recollection is unsupported. I even included an apology.

          From the CAIB report Vol I section 7 Loss of Control of Vehicle:

          Even with all thrusters firing, combined with a maximum rate of change of aileron trim, the flight control system was unable to control the left yaw, and control of the Orbiter was lost at EI+970 seconds.

          So,

          No, it was loss of hydraulics that caused the loss-of-control.

          Is incorrect. Well, incorrect sort of depends on what part of the report you read, and what you make of it. For instance, when I read the sections of Crew Survivability you highlighted, I see:

          RGPC-2 data indicate that the RHC
          was moved beyond neutral sometime between GMT 14:00:01.7 (EI+952) and GMT 14:00:03.6 (EI+954),
          triggering a “DAP DOWNMODE RHC” message at GMT 14:00:03.637 (EI+954).

          That’s 16 seconds before Loss of Control per CAIB report Volume I, not 28 seconds after. So, you’re incorrect again. But then, you quote the section later that says hydraulics went to zero at EI+956, still 14 seconds before Loss of Control per CAIB. It seems CAIB considers Loss of Control at EI+969/970 based on ground based video and when power was lost to OEX (your source at 1-20).

          As for the CAIB site, type CAIB into Bing or goto Wikipedia on the Columbia accident, and you’ll get NASA’s original CAIB site, http://caib.nasa.gov That site was taken down.

          I actually thank you for the information, but I do think you should reconsider your use of “incorrect”. If you are trying to discredit me, go right ahead. But you’re more useful when you add value.

          1. From the CAIB report Vol I section 7 Loss of Control of Vehicle

            The CAIB report is not the last word on the matter, the Crew Survival Report is. It was published five years later and took a much more thorough look at all the available data. It acknowledges the CAIB’s conclusion on p. 1-16 but goes on to cite other data that led their team to a different conclusion:

            The Spacecraft Crew Survival Integration Investigation Team (SCSIIT) concluded that the LOC occurred as a result of the loss of hydraulics at GMT 13:59:37 (EI+928). The loss of hydraulics likely occurred when all three redundant hydraulic systems lost pressure due to breaches in the hydraulic lines from thermal damage in the left wing.

            That, Leland, is the last word on the matter, and that is why I said you were incorrect.

            That’s 16 seconds before Loss of Control per CAIB report Volume I, not 28 seconds after. So, you’re incorrect again.

            One more time, Leland. The CAIB is not the final word on the matter, the Crew Survival report is. LOC was at 13:59:37.

            As for the CAIB site, type CAIB into Bing or goto Wikipedia on the Columbia accident, and you’ll get NASA’s original CAIB site, http://caib.nasa.gov That site was taken down.

            Then you’re using the wrong search engine. Type “CAIB report” into Google and the site I linked is the very first one on the list.

          2. Typing CAIB into google gets me the wiki link to the accident. The first link there for CAIB homepage is caib.nasa.gov. The next link in google is to caib.net for a California Association of Independent Businesses. Just saying…

            Yes, the Crew Survivability Report uses data the CAIB didn’t have, and provides more analysis. It is currently the last word on the matter. BTW, for fun, checkout the Executive Summary on page XIX for a link.

    2. Even if the elevon trim didn’t tip them off, the increasing thruster firings would have definitely been a giveaway that entry wasn’t going according to plan.

      No, thruster firings are not obvious to the crew. They were aft RCS thrusters, can’t be seen or felt from the cabin. The only indicator of RCS activity is a small set of lights on the forward panel. The Columbia Crew Survival Investigation Report notes this on p. 1-14: “Experience shows that this jet fire light is not easily noticed” (which is an understatement, based on my experience in the SMS and SES). Furthermore, the light illuminated at GMT 13:59:30, only seven seconds before loss-of-control.

      Eventually the crew would have got an alarm when the hydraulic pressure dropped due to burn through, at which point the pilot reset the APU (confirmed by the switch settings on the recovered control panel.)

      The crew got multiple alarms before that. The first was a tire pressure alarm at 13:58:39 GMT, 58 seconds before loss-of-control (p. 1-13). The APU switch positions were not reflected in recovered data, and therefore must have happened after 14:00:05, at least 28 seconds after loss-of-control.

  4. Yes, in retrospect it was probably not a good idea for the Shuttle to re-entry over the U.S. or any large land area. And I suspect the same will probably be true for any large future RLVs.

    As a side note when I saw the map of the debris pattern it reminded me of the one I saw at a safety presentation by a team of WSMR veterans in the late 1990’s for the old Southwest Regional Spaceport (now Spaceport America) for the proposed VentureStar. It was based on a model using data from the many missile tests at the range over the decades.

    I recall bringing up the topic of why an inland sites were even being considered given the risk and someone, I believe from Lockheed, pointed out that the Shuttle had re-entered numerous times without incident and what the folks from WSMR were doing were showing a very unlikely worst case scenario…

    1. I’d hope that future RLV’s wouldn’t disintegrate too much more often that airliners, otherwise they wouldn’t be very reusable would they?

      1. Andrew,

        The problem is that RLV’s are at higher altitude and have much more kinetic energy during re-entry, which is where the increased risk comes from. There is a similar risk during the launch phase. Just compare the debris field from the Shuttle with your average airliner crash, which is usually at low altitude and the low speeds associated with landing or take off.

        Also RLV’s during launch and re-entry, because of the speeds involved, have far fewer options for changing their flight paths than conventional aircraft, which means fewer options for limiting damage to facilities and individuals on the ground.

        BTW Launch from SRS was no problem because it would be over WSMR for the first hundred miles, it was the re-entry and landing which would have to be been restricted to narrow corridors to avoid populated areas, corridors similar to those that are already used for rocket launches from Green River and Ft. Wingate. And yes, occasionally some rockets have crashed outside the range, but being unmanned there is little press on them.

        1. The problem is that RLV’s are at higher altitude and have much more kinetic energy during re-entry, which is where the increased risk comes from.

          If you’re suggesting the debris from reentering vehicles will have so much more kinetic energy than debris from an airliners disintegration as to make it significantly more hazardous you’d be wrong, excepting very large objects similar sized bits will all hit the ground at about the same speed.
          If someone we to actually do an analysis of the likely number of people on the ground that would have been killed by the debris from Columbia if it had come down an orbit later I expect the result would be very few if any.

          1. Andrew,

            Its those big large dense pieces that are the problem.

            As for the Columbia, it really depends on what the heavy elements hit on their way down. They may have miss everyone and anything important. Or they may have hit one of the refineries , hotels, maybe even mission control…

            In any case if you are able to avoid the risk by carefully selecting your re-entry and launch corridors, keeping them over the ocean or wide open spaces its foolish not to.

          2. If someone we to actually do an analysis of the likely number of people on the ground that would have been killed by the debris from Columbia if it had come down an orbit later I expect the result would be very few if any.

            Someone did. See CAIB Appendix D.16, p. 500-501.

  5. “That is a scenario that is just too implausible for words.”

    I do not think that word means what he thinks it means.

    Since correlation = causation, I have determined that it is important that we not name any future manned spacecraft starting with the letter “C”.

  6. I never understood why there were not two shuttles prepped for launch at any one time, one for the next mission and one on standby as a backup/rescue vehicle.

      1. That’s more or less what they did after Columbia.

        No, only for STS-125, the Hubble flight. For the other flights, which were all to ISS, it was sufficient to have the next shuttle at the point in its processing where it could be launched within the ISS Contingency Shuttle Crew Support (CSCS) limits – typically the orbiter would still be in the OPF at this point.

        It was not practical to have two shuttles prepped for launch for all flights due to the size of the orbiter fleet, the amount of turnaround time needed, and the size of the workforce.

    1. I think that is back on the cultural issue. What could be done?

      There’s other things too. No one ever thinks to save another aircraft by having a backup aircraft rendezvous. Spaceflight does have rendezvous, but never in the 4 decades of flight had such a rescue event occurred. So not only did you have a culture that thought nothing could be done; there was no history in which to counter those beliefs.

      1. Every flight test program (and the shuttle was still a flight test program, whether they admitted it or not) has what’s called the What-If document. The test team, including the vehicle’s engineering design and analysis team, look at various things that can go wrong and figure out any mitigations that can be performed both before and after the fact. In the end, what I find most inconceivable (cue The Princess Bride) is that apparently there were no what-ifs for “how do we fix a broken TPS” or “how do we get a shuttle crew down in an emergency.” This is really what saved Apollo 13 – they already had a What-If for how to use the LEM as a lifeboat, so even though the specifics of the actual event were somewhat different than the What-If, they had a good point of departure.

        Obviously there are always going to be failures you can’t recover from; for example, in a single-engine helicopter, loss of power in a hover below the dead-man’s curve altitude cannot be recovered; you just don’t have enough altitude to establish an autorotation before you hit the ground. But it appears that the shuttle program never had what-ifs for the Columbia problem, hence all of the fatalistic “it doesn’t matter”.

        I’ve also wondered about an apparent inconsistency in Mr. Hale’s account: there was all of the hand-wringing about “what can be done”, but when the disaster happened, he thought that the crew compartment may have survived at first. If the crew had been told that they had a potentially-serious problem, maybe they would have had their suits sealed up. Obviously they really couldn’t have survived the breakup, but if NASA people concerned about a burnthrough thought the crew compartment might survive, then why not protect the crew against loss of pressure.

        1. Not to deveat too far from your point, but NASA did have some what ifs. For instance, we had contingencies for sudden crew health emergencies (which suspects an otherwise fine Orbiter). I think my points over the various threads this past week was that how far those what ifs went was limited by the culture.

          I will say many had little to no confidence in the TPS repairs developed for return to flight, even after testing. Personally, I rather have them than nothing, and I do think they might just have worked. My biggest concern was the actual repair process.

          Your second goes to why I keep thinking of ways the crew might have made it to bailout. Again, I can’t verify my recollection (and it’s been many years), but this is an issue of minutes and seconds. At 15,000 mph, another minute or two would have changed where debris landed or might have brought much of the vehicle out of peak heating. Further, the whole point of the ACES suits was the thought that it might have given the Challenger crew a chance, since it’s crew compartment stayed intact until splashdown. Again, all these scenarios were likely just as fatal but none were entertained by leadership during the mission. Simple things; gather as much data as you can, tell the crew, give yourself and the crew a fighting chance.

          1. Leland, I may not fully understand your assessments of the Columbia situation, or below I may be saying what you’ve already said in a different way on this subject. Not criticizing you, just trying to add more information to the discussion. So here goes:

            From my reading of the publicly-released Columbia Crew Survivability Report (that may not be the exact title; if not apologies for my memory), the crewmembers all suffered fatal blunt force trauma injuries at some time, due to the lack of capability of their helmets, seats, and seat restraint harnesses to protect the crew from the forces resulting from crew module accelerations during and immediately after main vehicle break-up.

            Even if their suits had been sealed when the crew module depressed and they had enough oxygen to survive to bail-out altitude, even if the crew module did not burn through, UNLESS the Orbiter retained enough control authority during initial main structural section break-up to keep the crew module accelerations a lot lower than experienced during the actual accident, the crewmembers were doomed due to the limitations of the hardware I listed above. NASA is working to update requirements and designs for Orion crew suits (especially the helmets) and seat harnesses based on the Columbia Crew Survivability investigation.

          2. BlueMoon,

            I think we were saying things in different ways. For yourself and Nemo, I repeat: “Again, all these scenarios were likely just as fatal but none were entertained by leadership during the mission.”

            When I wonder about the break-up, I wonder what the crew could have done to, in your words, “retained enough control authority during initial main structural section break-up to keep the crew module accelerations a lot lower than experienced during the actual accident,” I have two ways/scenarios of thinking this through, what could the crew do considering a nominal landing to KSC (such as what was attempted), and what could have been done to minimize the stress on the port wing to get the crew to any bailout.

            In the former case, I can’t find anything that gets the orbiter to the Atlantic, which is where I think it needed to be for any chance of a successful bailout. Why Atlantic? Because peak structural loading occurs when the Orbiter is in the Heading Alignment Cone. If the port wing survived to Florida, it would have failed while attempting to land. However, peak heating is over by the time you reach Florida and you’re at a slower speed and altitude, so conditions for bailout may exist. Still, I can’t come up with a scenario that gets you to the Atlantic, if you’re intent on overflying KSC.

            More often, I tend to consider the latter scenario, and for me, the latter starts with these assumptions: “nothing could be done” to rescue the crew, but imagery gave enough confirmation that a nominal landing wasn’t possible, thus could we have gotten to crew to a bailout altitude (or environment if you think altitude, speed, attitude, and other parameters)? By bailout altitude, I mean purely that, and not at some X position in the world other than X being over a large body of water near US maritime assets. Thus one of the things that could be changed is minimizing cross range. Another is eliminating maneuvers designed to bleed of speed for landing, which increase heat and stress on the wings. This is all highly speculative, but its based on information gained while supporting this experiment. Would it had worked? Doubtful, but more to the point, the culture would have killed most of these ideas before they were explored. The culture tried to stop that experiment as well.

  7. So last year, “Failure is not an Option” was released as an audiobook. I’m listening to it now on my commute. I just covered Glenn’s 1st orbital flight. It’s interesting that the 1st Flight Director Chris Kraft also didn’t want to tell Glenn about the concerns of the spacecraft. Because information was relayed to and from otherwise independent ground stations; one ground station didn’t get the general jist that Glenn wasn’t to know why he was being asked certain questions and flipping some switches. That station assumed it was ok to tell Glenn. This came back to Mercury Control, and then they started to work with the guy in the capsule.

Comments are closed.